A METHOD OF AND APPARATUS FOR COMPUTER SECURITY USING
A TRANSMITTING LOCATION DEVICE



BACKGROUND OF THE INVENTION 
FIELD OF THE INVENTION 
The present invention relates to a method of and apparatus for
computer security using a transmitting location device, and, more particularly, to a
method of and apparatus for adding an additional layer of computer security based
on registration and tracking of the computer user's location.

DESCRIPTION OF RELATED ART

The increasing use of remote access, that is the use of a computer or
other device to communicate with a computer network from a location distant from
the network, has enabled individuals who otherwise do not have authorized access
to the computer network to nonetheless violate computer security from afar. The
ability of computer hackers to infiltrate a computer network from a distant location
can be a serious threat to a company's well-being. This threat is especially serious
for companies which have an ever increasing reliance on a workforce who
telecommute to work from home every day. Thus knowing where an individual is
when they attempt to gain entry to the computer network would be an important
aspect of computer security.

Position detection for locating individuals, devices, and vehicles has
been accomplished. For example, U.S. Patent No. 5,689,269, issued November 18,
1997 to Norris, relates to an apparatus and method for determining the position of a
first device relative to the position of a second device using the Global Positioning
System (GPS). The first device, with a person or object to be located, transmits
telemetry position data to the second device after first receiving a GPS signal and
determining its own location using that GPS signal. The second device receives
the telemetry position data from the first device and calculates a relative distance
between the two devices. The calculation performed by the second device is based
on the telemetry position data received from the first device and knowledge about
its own position determined from GPS signals that it has previously received. The
second device is also capable of determining direction and difference in elevation
between the first and second devices.

Further, U.S. Patent No. 5,550,551, issued August 27, 1996 to
Alesio, relates to a position monitoring system and method particularly applicable
to vehicle monitoring. When activated, a position detector mounted on the vehicle
uses GPS signals to determine vehicle location information. On a pre-determined
basis, the position detector periodically updates the vehicle location information
and transmits a location information signal based on the vehicle's location to a
remote dispatch center. The dispatch center receives the transmitted location
information signal from the position detector, determines the vehicle location, and
relays that information to an appropriate law enforcement agency.

Yet another example, U.S. Patent No. 5,389,934, issued February
14, 1995 to Kass, relates to a portable system for locating a person, vehicle or
object. The system uses a GPS unit and a piece of cellular telephone equipment.
The system's locating function is first activated by receipt of a telephone call on
the piece of cellular telephone equipment. Upon this activation, the system then
determines its own location via the GPS unit and responds to the call with a voice
message stating its current location. The person, vehicle or object may then be
retrieved.

As can be seen, however, while the ability to accurately locate a
person, device or vehicle exists, this ability has not been applied to help with
computer security. As the threat of a breach of computer security from afar still
exists, and in fact seems to be increasing, there still remains a need for a method of
enhancing computer security based on detection of location.

SUMMARY OF THE INVENTION

Accordingly, in response, the present invention, as embodied and
broadly described herein, provides a method of and apparatus for adding an
additional layer of security to the computer log-in process based on registration and
detection of location. Thus, an individual who wishes to log-in to a computer
system must not only be an authorized user of the system, but must also be
attempting to log-in from a pre-registered and authorized location or zone.

Proper location is checked through the use of a transmitting location
device. When an individual who is an authorized user of a computer network
desires to access that network from a location distant to the network, a location
device is activated. Once activated, the location device will transmit a location
signal to the computer network.

An additional layer of security is thus added through the use of the
transmitting location device. This is accomplished when the individual is logging-in
to the network. Once the locating device has been activated and is transmitting a
locating signal, the computer network will receive that locating signal and
determine where the individual is as they are attempting to log-in. The computer
network will then match that determined location against a list of pre-registered
locations. If the individual is in fact located at a location that has been
pre-registered, the computer network will allow access using both the location
information and the standard security measures (e.g. ID and password). Thus not
only must the person be an authorized user (which can be determined by the ID and
passcode, inter alia), but the location must be a pre-authorized and pre-registered
location.

Further, the additional security may be added to the on-going
session as well. As the individual is logged-on to the network, the network may
reactivate the location device to periodically check the individual's location.
Periodic updates allow the computer network to ensure that the individual is still at
and/or in the pre-registered location or zone, and that a proper location signal is
being received.

The present invention, including its features and advantages, will
become more apparent from the following detailed description with reference to
the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates a flow chart of a method of enhancing computer
security using a transmitting location device in which the location device transmits
a location signal during an attempt to log-in to a secure computer network,
according to an embodiment of the present invention.

Figure 2 illustrates a schematic of an apparatus by which
transmission of the location signal from the location device to the computer
network can be carried out, according to an embodiment of the present invention.

DETAILED DESCRIPTION

Figures 1 and 2 show a method and an apparatus for adding an
additional layer of security to a computer log-in process based upon a
pre-registration operation and a subsequent detection of a computer user's location.
Thus the location from which the computer user attempts to log-in, and from which
he or she continues to work, becomes an additional element by which computer
security may be maintained. If the individual using the computer logs-in from a
pre-registered location, and the central computer recognizes that location as an
authorized location, log-in to the computer network is permitted. However, if the
identified location is determined not to be an authorized location, log-in is not
permitted. Subsequent updates of the computer user's location can also be used to
ensure that the user is still in the authorized location. Thus if the individual is
subsequently determined to be outside of the pre-registered location, access to the
computer network can be terminated.

An individual who will have need of logging-in to a computer
network from a location outside of the immediate area of the computer network
will be required to pre-register the location (or locations) from which he or she
shall be logging-in. A central computer will then consider each pre-registered
location as an authorized location for that individual. In essence, then, the location
is keyed to that individual and is the only location from which the individual may
log-in and continue to work. Approval of the location by the central computer may
be dependent upon any number of pre-set criteria. Further, ultimate approval may
reside with the appropriate company personnel. It is to be understood, then, that
the location approval process may be established and administered in any manner
which the company (and/or individuals) using the present invention approves. It is
not to be limited to simply the embodiment herein described, and is only of
importance in ensuring that the registered locations are in fact pre-approved.

The actual locations being pre-registered by the computer user may
be a single place or a broader area. For instance, an individual may want to
pre-register his or her home, and may also want to pre-register the area which follows a
route to and from work. Such a registration scheme thus allows the individual to
work from home and also to work while en route to or from work. It is to be
understood, of course, that the number of locations which each individual may be
allowed to register can be pre-set. Further, registration of places or areas may be
keyed to specific days or to specific times of the day. An individual may want to
register his or her home only for authorized use during the weekends, when that
individual knows he or she may need to work from home. The route to and from
work may be registered for those times of the day which the user knows he or she
is more likely to be commuting. Even further, if the user knows that he or she will
be traveling away on business, the user may pre-register the location to which he or
she will be traveling, and may register for only those days on which he or she
expects to actually be there.

Detection of the individual's actual location when he or she
attempts to log-in to a computer network is accomplished by activation and
tracking of a locating device which the individual shall have with them. The
individual may either be personally carrying the locating device, or it may be
attached to, or an integral part of, the computer terminal (whether portable or fixed)
from which the individual is logging-in. The locating device itself is a transmitting
and receiving device capable of both sending and receiving a location signal. The
transmission of the locating signal may, of course, be continuous or intermittent,
and may be digital and/or analog in nature.

Activation and initial tracking of the locating device is triggered by
the central computer of the network at the time of log-in. Further explanation of
the activation and tracking sequence will be given below with reference to the
drawings.

Referring to Figure 1, a central computer may have associated with
it a network, which from the central computer's perspective is co-located with that
computer. In step 100 an individual who will have a need to log-in to the central
computer from a site remote from or not co-located with the central computer will
pre-register one or more locations from which he or she will want to log-in.
Registration of such log-in sites will preferably occur at the location of the central
computer using a controller that interfaces with the central computer.
Alternatively, such registration may be accomplished from a secure remote site.
Once the sites for remote access have been input to the central computer, in step
110 an approval process for each location input will be implemented. As stated
above, there may be various approval processes. Preferably someone having a
position of authority and/or responsibility for overseeing computer security will
give final approval for remote access sites. Further, each site may be designated as
"dormant" until an attempt to log-in is made from that remote site. Once a log-in
occurs from a site, the site's status may be changed to "active" and notification of
the log-in and use of the site may be sent to the appropriate persons (i.e., persons in
charge of computer security), and perhaps including the site's registrant. Further,
an "active" site which has not been used for a pre-set period of time may be
changed back to a "dormant" state. Such classification of sites can be helpful in
keeping track of which sites have and/or have not been used and may further help
to maintain security.

Once a log-in location has been pre-registered and approved, an
individual may access the central computer from that location by logging-in. In
step 120 the individual seeking remote access to the central computer and network
will log-in in the normally accepted fashion. For instance, the individual will
establish contact with the central computer and can present his or her identifying
code and password. It is to be understood, of course, that the present invention can
be used with any type of log-in procedure, and is not limited to a log-in procedure
which uses an identifier and passcode. Further, it should be noted that once a
location is registered and approved, as in steps 100 and 110 explained above, the
individual need not register that location each time he or she wishes to log-in from
that location. On the contrary, the central computer can store the registered and
approved location for future use. In other words, steps 100 and 110 need not be
repeated each time the method of the present invention is to be utilized. It may be,
however, that re-registration of locations will be required on the basis of some
pre-selected criteria, and thus steps 100 and 110 will need to be repeated. For instance,
re-registration of a location may be required after a certain period of time has
elapsed, after a certain number of log-ins from that location have occurred, after a
certain total number of system log-ins have occurred, or any other similar criterion.

In step 130, once the central computer is contacted by an attempted
log-in, the central computer will identify on the basis of at least one parameter who
the individual attempting to log-in purports to be and will activate the location
device associated with that individual. In other words, if the central computer
determines that the parameters of the identifier and password submitted in the
log-in are associated with a computer user named "Tom", then the computer will
activate the location device associated with "Tom" and which "Tom" carries
around with him. It is to be understood, of course, that identification of the
location device to be activated can be accomplished by any method and on the
basis of any parameters which assure that the proper location device will be
activated. For instance, parameters used in the log-in and subsequent activation
may be on the basis of voice recognition, body heat signature, retinal scan,
fingerprint scan, and/or visual observation, etc.

Further, actual activation of the location device can be carried out
by any method, as long as the locating device is functionally activated. For
instance, activation can be accomplished through radio signals, electrical signals,
and/or infrared signals. Preferably the location device will be activated through a
medium separate from that which the individual is using to log-in to the central
computer. That is, for example, if the individual attempting to log-in is doing so
over the Internet, the locating device can be activated through the use of satellite
relays.

Upon activation, in step 140, the locating device transmits a
location signal. Transmission of the location signal can be by any medium which
ensures that the location signal is received by the central computer. For example,
the location signal can be transmitted via airwave and relayed by satellite, or
through land-line using the Internet as a relay. The location signal itself can be any
type of signal which is capable of carrying the location data and of being
transmitted and received. For instance the signal can be radio wave, infrared, or
even microwave. Preferably the location signal is broadcast as a radio wave in
either a digital or analog format.

In step 150, the broadcast location signal is received by the central
computer and a determination of the location of the locating device is made. In
order to make the determination, the location signal may act as a homing beacon or
may contain location data (coordinates). If the location signal acts as a homing
beacon for the location of the location device, the central computer can determine
the location of the locating device. If the locating signal contains location data,
that is, the actual location (coordinates) of the locating device, then the location
device itself can determine its own location. Either way, position detection will
need to be accomplished and it is acceptable that any such position detection
method or system be utilized. Preferably, the Global Positioning System is used.

Upon a determination of the location of the locating device, in step
160 the central computer decides if the locating device's location is at, or within a
pre-determined proximity of, a pre-registered location. If the location is
determined to be valid, log-in will be completed. If the location is not valid, log-in
will be terminated. This decision step, then, determines whether access will be
granted or denied. If the log-in is allowed to be completed, in step 170 the
individual logging-in may then access the data files of the central computer. If the
log-in is not allowed, in step 180 the connection is terminated and the central
computer can generate appropriate messages to the appropriate parties that an
unauthorized log-in was attempted.

In the case where the log-in is allowed because the locating device
was determined to be at a pre-registered location, periodic updates of the location
of the locating device may be accomplished. This ensures that the locating device
stays with the individual who has logged-in, and can also act as a way of checking
the original determination of the location of the locating device. Further, if any
discrepancies occur in the subsequent updates, the central computer can terminate
or restrict access. Lastly, an initial log-in from an authorized site can be used to
fine-tune the location's coordinates, if necessary, so that the system can be more
accurate.

It should be noted that the central computer may also at any time
send a message to the individual identified in step 130 that he or she has been
identified as attempting to log-in and/or has been granted access to log-in. Thus if
the individual identified in step 130 is at a pre-registered location, but is in fact not
logging-in to the central computer, that individual can notify the appropriate
personnel and access to the unauthorized individual in fact logging-in can be
denied and/or terminated. Messages may be sent in any fashion which will reach
the authorized individual identified in step 130. For instance, a message may be
sent via telephone, pager, priority e-mail, etc.

Referring to Figure 2, transmission of the location signal is shown.
In this example, the central computer 1 communicates with remote computer 2 via
communication medium 4, and with location device 3 via communication medium
6. Thus, when an individual attempts to log-in to the central computer 1 using
remote computer 2, the central computer 1 sends an activation signal by
communication medium 6 to the location device 3. Communication medium 6
uses satellite system 5 for relay of communication. In response, location device 3
sends location signal 7 via communication medium 6 to central computer 1.

It should be noted that other information can be sent along with the
location signal. For instance, information which might be sent might include a
"time stamp". Such a "time stamp" could be utilized as an assurance that the
location signal is being sent from the location indicated by it. The central
computer could be synchronized to the GPS atomic clock and determinations of
how long the location signal took to transmit could be made. Also, for instance, a
passcode for the location device could be sent. A separate passcode for the
location device would ensure that the proper location device was transmitting the
location signal.
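
The step 160 decision, combined with the day- and time-keyed registrations, the
approval status from step 110, and the "time stamp" and device passcode described
above, as an added example (not code from the patent). The 200 m radius, the
30-second freshness window, UTC hours, and all names and sample data are assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000  # mean Earth radius in metres


@dataclass(frozen=True)
class RegisteredLocation:
    name: str
    lat: float
    lon: float
    radius_m: float                            # "pre-determined proximity" (assumed value)
    approved: bool                             # outcome of the approval process, step 110
    weekdays: frozenset = frozenset(range(7))  # 0 = Monday; days the registration is valid
    hours: tuple = (0, 24)                     # [start, end) hour of day, UTC (assumption)


@dataclass(frozen=True)
class LocationSignal:
    lat: float
    lon: float
    timestamp: datetime   # "time stamp" carried with the location signal
    passcode: str         # separate passcode for the location device


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two coordinates, in metres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def check_location(user, signal, now, registry, passcodes,
                   max_age=timedelta(seconds=30)):
    """Step 160 decision for one log-in or periodic update: (allowed, reason)."""
    expected = passcodes.get(user)
    if expected is None or not hmac.compare_digest(
            expected.encode(), signal.passcode.encode()):
        return False, "device-passcode-mismatch"
    # Reject signals from the future or older than the freshness window.
    age = now - signal.timestamp
    if age < timedelta(0) or age > max_age:
        return False, "stale-time-stamp"
    for site in registry.get(user, ()):
        if not site.approved:
            continue                      # registered but never approved
        if now.weekday() not in site.weekdays:
            continue                      # registration not valid on this day
        if not site.hours[0] <= now.hour < site.hours[1]:
            continue                      # registration not valid at this hour
        if distance_m(signal.lat, signal.lon, site.lat, site.lon) <= site.radius_m:
            return True, site.name
    return False, "not-at-registered-location"


# Constructed sample data (not from the patent): "tom" registers his home for
# weekends only, plus a travel site that has not been approved.
REGISTRY = {"tom": [
    RegisteredLocation("home", 40.0000, -75.0000, 200.0, True, frozenset({5, 6})),
    RegisteredLocation("hotel", 41.0000, -76.0000, 200.0, False),
]}
PASSCODES = {"tom": "constructed-device-passcode"}
SATURDAY = datetime(2024, 1, 6, 10, 0, tzinfo=timezone.utc)


def demo():
    """Signal about 111 m from the registered home, on a Saturday."""
    near_home = LocationSignal(40.0010, -75.0000, SATURDAY, PASSCODES["tom"])
    return check_location("tom", near_home, SATURDAY, REGISTRY, PASSCODES)


if __name__ == "__main__":
    print(demo())
```

The same function can be called again on each periodic update, with a denial there used to terminate or restrict the session.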

Thus, as can be seen from the foregoing description, an additional
layer of computer security can be added to present computer security systems
through the use of the present invention. Further, implementation of the present
invention would require only nominal system adjustments.

In the foregoing description, the method and apparatus of the
present invention have been described with reference to a specific example. It is to
be understood and expected that variations in the principles of the method and
apparatus herein disclosed may be made by one skilled in the art and it is intended
that such modifications, changes, and substitutions are to be included within the
scope of the present invention as set forth in the appended claims. The
specification and the drawings are accordingly to be regarded in an illustrative
rather than in a restrictive sense.

Claims:

1. A method for enhancing computer security using a location device, comprising
the steps of:
    registering at least one remote log-in location for a computer network;
    registering a log-in contact to the computer network;
    commanding activation of the location device upon establishment of
    the log-in contact;
    receiving a location signal from the location device;
    determining a location of the location device on the basis of the
    received location signal; and
    determining whether the location of the location device is an
    authorized location with reference to the registered information that
    identifies the at least one authorized remote log-in location.

2. The method according to claim 1, further comprising the step of:
    approving the registration of the at least one remote log-in location.

3. The method according to claim 1, further comprising the step of:
    identifying the location device to be activated upon at least one
    parameter contained in the log-in contact.

4. The method according to claim 1, further comprising the step of:
    determining an update of the location of the location device.

5. The method according to claim 1, further comprising the step of: 

sending a message to an individual to whom the location device is 
identified as belonging. 

6. The method according to claim 1, wherein activation of the location device is
accomplished by radio wave.

7. The method according to claim 1, wherein the transmitted location signal may
contain a plurality of data.

8. The method according to claim 7, wherein the plurality of data are location
coordinates derived from a Global Positioning System.

9. The method according to claim 1, wherein the transmitted location signal 
contains a "time stamp". 

10. The method according to claim 1, wherein access to the computer network is
granted if the location of the location device matches the at least one remote
registered log-in location.

11. The method according to claim 1, wherein access to the computer network is
denied if the location of the location device does not match the at least one remote
registered log-in location.

12. A method for enhancing computer security using a location device, comprising
the steps of:
    storing information identifying at least one authorized remote log-in
    location for log-in to a computer;
    establishing a log-in contact with the computer;
    activating transmission of a locating signal from the location device
    upon the log-in contact;
    determining a location of the location device on the basis of the
    locating signal; and
    determining whether the location of the locating device corresponds
    to the at least one remote log-in location.

13. The method according to claim 12, further comprising the step of:
    securing authorization for the storing of the at least one remote
    log-in location.

14. The method according to claim 12, further comprising the step of:
    identifying the location device from which the location signal is to
    be activated upon at least one parameter contained in the log-in contact.

15. The method according to claim 12, further comprising the step of:
    determining an update of the location of the location device.

16. The method according to claim 12, further comprising the step of:
    sending a message to an individual to whom the location device is
    identified as belonging.

17. The method according to claim 12, wherein activation of the location device is
accomplished by radio wave.

18. The method according to claim 12, wherein the transmitted location signal
may contain a plurality of data.

19. The method according to claim 18, wherein the plurality of data are location
coordinates derived from a Global Positioning System.

20. The method according to claim 12, wherein the transmitted location signal
contains a "time stamp".

21. The method according to claim 12, wherein computer access is granted if
the location of the location device matches the at least one authorized remote
log-in location.

22. The method according to claim 12, wherein computer access is denied if the
location of the location device does not match the at least one authorized remote
log-in location.



WO 99/50734    PCT/US99/05025

23. A method for enhancing computer security using a location device, comprising
the steps of:
    receiving a log-in contact;
    commanding activation of the location device upon receipt of the
    log-in contact;
    determining a location of the location device on the basis of a
    received location signal; and
    determining whether the location of the location device corresponds
    to an authorized remote log-in location.

24. The method according to claim 23, further comprising the step of:
    storing information identifying at least one authorized remote log-in
    location for log-in to a computer.

25. The method according to claim 24, further comprising the step of:
    securing authorization for the storing of the at least one remote
    log-in location.

26. The method according to claim 23, further comprising the step of:
    identifying the location device to be activated upon at least one
    parameter contained in the log-in contact.

27. The method according to claim 23, further comprising the step of:
    determining an update of the location of the location device.

28. The method according to claim 23, further comprising the step of:
    sending a message to an individual to whom the location device is
    identified as belonging.

29. The method according to claim 23, wherein activation of the location device is
accomplished by radio wave.

30. The method according to claim 23, wherein the transmitted location signal
may contain a plurality of data.

31. The method according to claim 30, wherein the plurality of data are location
coordinates derived from a Global Positioning System.

32. The method according to claim 23, wherein the transmitted location signal
contains a "time stamp".

33. The method according to claim 23, wherein computer access is granted if
the location of the location device matches the authorized remote log-in location.

34. The method according to claim 23, wherein computer access is denied if the
location of the location device does not match the authorized remote log-in
location.

35. An apparatus for enhancing computer security using a location device,
comprising:
    a central computer;
    means for receiving a location signal sent from the location device
    to the central computer, the location signal containing at least a location
    of the location device,
    wherein access of the central computer is determined on the basis of
    the location of the location device matching a pre-registered access location.

36. The apparatus according to claim 35, further comprising:
    means for determining the location of the locating device.

37. The apparatus according to claim 36, further comprising:
    a means for communicating between the central computer and a
    remote station.

38. An apparatus for enhancing computer security using a location device,
comprising:
    a memory storing at least one authorized remote log-in location
    information;
    a means for allowing a remote log-in contact;
    an activator activating transmission of a location signal from the
    location device;
    a receiver receiving the transmission of the location signal;
    a means for determining a location of the location device on the
    basis of the transmitted location signal;
    a central computer which determines whether the location of the
    location device is an authorized location with reference to the stored at
    least one authorized remote log-in location information.